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PATENT 

IN illl. UNITED STATES PATENT AND TRADE MAR K OFFICE 

In re application of: 

Pantuso et al . 
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ATTENTION: Board of Patent Appeals and Interferences 

APPEAL BRIEF (37 C.F.R. § 41.37) 

Transmitted herewith is an A ppeal Brief in this application, with respect to the Notice of Appeal 
filed March 1.3, 2007, which reinstates the appeal originally instated by the Notice of Appeal 
tiled on June 29, 2005, and the original Appeal Brief filed July 13, 2005. 

The fees required under § E 17, and any required petition for extension of time tor filing this 
brief and tees therefor, are dealt with in the accompanying TRANSMITTAL OF APPEAL 
BRIEF. 

This brief contains these items under the following headings, and in the order set forth below (3 7 
C.F.R. §4L37(c)(i)): 

I REAL PARTY IN INTEREST 

II RELATED APPEALS AMD INTERFERENCES 

III STATUS OF CLAIMS 
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IV STATUS OF AMENDMENTS 

V SUMMARY OF CLAIMED SUBJECT MATTER 

VI GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

VII ARGUMENT 

VIII CLAIMS APPENDIX 

IX EVIDENCE APPENDIX 

X RELATED PROCEED I NG APPENDIX 



The final page of this brief bears the practitioner's signature. 
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I REAL PARTY IN INTEREST (37 C.F.R. § 4l.37(c)(lKi)) 

The reai party in interest in this appeal is McAfee, Inc. 
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II RELATED APPEALS AND INTERFERENCES (37 C.F.R. § 41.37(c) (!)(«)) 

With respect to other prior or pending appeals, interferences, or related judicial proceedings that 
will directly affect, or be directly affected by, or have a bearing on the Board's decision in the 
pending appeal, a prior appeal was noted on June 29, 2005, and was reinstated on December 12, 
2005, in the present application . 

A Related Proceedings Appendix is appended hereto 
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[II STATUS OF CLAIMS (37 C.F.R. § 4137(c) (l)<m)) 

A. TOTAL N UMBER OF CLAIMS IN APPLICATION 

Claims m the application are: 1-29 

B. STATUS OF ALL TH E CLAIMS IN APPLICATION 

1 . Claims withdrawn from consideration'. None 

2. Claims pending: 1-29 

3. Claims allowed: None 

4. Claims rejected: 1-29 

5 Claims cancelled: None 

C. CLAI MS ON APPEAL 

The claims on appeal are: 1-29 

See additional status information in the Appendix of Claims. 
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IV STATUS OF AMENDMENTS (37 C.F.R, § 41.37(c)(l ){iv)) 

As to the status of any amendment filed subsequent to final rejection, the Amendment submitted 
on 03/30/2005 was entered by the Examiner. 
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V SUMMARY OF CLAIMED SUBJECT MATTER (37 C.F.R. § 4I.37(c)(l)(v)) 

With respect to a summary of Claim 1, as shown in Figure 5 ei al., a method is provided for 
management of network access on a per application basis. In use, applications are selected from 
a group of applications adapted for working in conjunction with a first application program 
i nterface to gain access to a network (e.g. item 501 of Figure 5, etc.), the first application 
program interface adapted for permitting the applications to gain access to the network. 
Additionally, a second application program interface adapted for precluding the applications 
from accessing the network is installed (e.g. item 504 of Figure 5, etc. ). Further, the selected 
applications are wrapped for allowing the selected applications to access the network via the 
second application program interface (e.g. item 506 of Figure 5. etc.). where the selected 
applications would otherwise be precluded network access by the second application program 
interface. See, for example, page 5, lines 3-1 1; and page 5, line 23 - page 6, line 2 et al. 

With respect to a summary of Claim 8, as shown in Figure 5 et al., a computer program product 
is provided for management of network access on a per application basis. In use. computer code 
is provided for selecting applications from a group of applications adapted for working in 
conjunction with a first application program interface to gain access to a network (e g, item 501 
of Figure 5, etc.), the first application program interface adapted for permitting the applications 
to gain access to the network. Additionally, computer code is provided for installing a second 
application program interface adapted for precluding the applications from accessing the network 
(e.g. item 504 of Figure 5, etc.). Further, computer code is provided for wrapping the selected 
applications for allowing the selected applications to access the network via the second 
application program interface (e.g. item 506 of Figure 5, etc.), where the selected applications 
would otherwise be precluded network access by the second application program interface. See, 
for example, page 5, lines 3-1 .1 , and page 5, line 23 - page 6, line 2 et. al. 

With respect to a summary of Claim IS, as shown in Figure 5 et al, a system is provided for 
management of network access on a per application basis. In use, logic is provide for selecting 
applications from a group of applications adapted for working in conjunction with a first 
application program interface to gain access to a network; (e.g. item 501 of Figure 5, etc.), the 
first application program interface adapted for permitting the applications to gain access to the 
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iietwork . Additionally, logic is provided for installing a second application program interface 
adapted for precluding the applications from accessing the network (e.g. item 504 of Figure 5, 
etc.). Further, logic is provided for mapping the selected applications for allowing the selected 
applications to access the network via the second application program interface (e.g. item 506 of 
Figure 5, etc.), where the selected applications would otherwise be precluded network access by 
the second application program interface. See, for example, page 5, lines 3-1 1 ; and page 5, line 
23 - page 6, lme2etai. 

With respect to a summary of Claim 22, as shown in Figures 2 and 5 et at., a system is provided 
for management of network access on a per application basis. In use, means is provided for 
selecting applications (e.g. item 210 of Figure 2, etc.) from a group of applications adapted for 
working in conjunction with a first application program interface to gain access to a network 
(e.g. item 501 of Figure 5, etc.), the first application program interface adapted for permitting the 
applications to gain access to the network. Additionally, means is provided for installing (e.g. 
item 210 of Figure .2, etc) a second application program interface adapted for precluding the 
applications from accessing the network (e.g. item 504 of Figure 5, etc.). Further, means is 
provided for wrapping (e.g. item 210 of Figure 2, etc.) the selected applications for all owing the 
selected applications to access the network via the second application program interface (e.g. 
item 506 of Figure 5, etc.), where the selected applications would otherwise be precluded 
network access by the second application program interface. See, for example, page 5, lines 3- 
1 1 ; page 5, line 23 - page 6, line 2; and page 8, lines 23-25 et al. 

With respect to a summary of Claim 23, as shown in Figures 2 and 3 et al., a data structure stored 
in memory is provided for management of network access on a per application basis. In use, an 
application program interface object is provided (e.g. item 320' of Figure 3, etc.) for precluding a 
plurality of applications from accessing a network {eg. item 235 of Figure 2, etc.). Also, a 
permitting application program interface (e.g. item 320 of Figure 3, etc ) is adapted for 
permitting the applications to gain access to the network. Additionally, a wrapper object is 
provided (e.g. item 322 of Figure 3, etc.) for wrapping selected applications (e.g. item 304 of 
Figure 3, etc.) for allowing the selected applications to access the network via the application 
program interface object, where the selected applications would otherwise be precluded network 
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access by the application program interface object. See, for example, page 5, lines 3-1 1; page 5, 
line 23 - page 6, line 2; and page 10, lines 7-20 et al. 

With respect to a summary of Claim 24, as shown in Figure 5 et al., a method is provided for 
management of network access on a per application basis. In use, a precluding application 
program interface adapted for precluding a plurality of applications from accessing a network is 
installed (e.g. item 504 of Figure 5, etc.), wherein a permitting application program interface is 
adapted for permitting the applications to gain access to the network (e.g. item 501 of Figure 5, 
etc). Additionally, a plurality of selected applications is wrapped for allowing the selected 
applications to access the network via the precluding application program interface (e.g. item 
506 of Figure 5, etc.), where the selected applications would otherwise be precluded network 
access by the precluding application program interface. See, for example, page 5, lines 3-11; and 
page 5, line 23 - page 6, line 2 et al. 

Of course, the above citations are merely examples of the above claim language and should not 
be construed as limiting in any manner. 
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VI GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL (37 CF.R. § 
4E37(c)(l)(vi)) 

Following, under each issue listed, is a concise statement setting forth the corresponding ground 
of rejection. 

Issue # 1: The Examiner has rejected Claims 15-29 under 35 U.S.C. 101 as being directed toward 
non -statutory subject matter. 

Issue # 2: The Examiner has rejected Claims 1, 8, 15, 22-24, 26 and 29 under 35 U.S.C, 103(a) 
as being unpatentable over Lee et al. (U.S. Publication No. 2003/01 35465 Al), in view of Sitbon 
et al. (U.S. Patent No. 5,568,487), and further in view of Scfawabe (U.S. Patent No. 6,651,186). 

Issue #3: The Examiner has rejected Claim 2 under 35 U.S.C 103(a) as being unpatentable over 
Lee et a). (U.S. Publication No. 2003/0135465 Al), in view of Shbon et al. (U.S. Patent No. 
5,568,487), in view of Schwabe (U.S. Patent No. 6,651,186), and further in view of OPT 
(Optimizations). 

Issue #4: The Examiner has rejected Claims 2-6, 9-13, 16-20 and 25 under 35 U.S.C. 103(a) as 
being unpatentable over Lee et a!. (U.S. Publication No. 2003/0135465 Al), in view of Sitbon et 
al. (U.S. Patent No. 5,568,487), in view of Schwabe (U.S. Patent No. 6,65 1,186), in view of OPT 
(Optimizations), and further in view of Moeller (U.S. Patent No. 5,473,777). 

Issue #5; The Examiner has rejected Claims 7, 14 and 21 under 35 U.S.C. 1 03(a) as being 
unpatentable over Lee et al, (U.S. Publication No. 2003/0 i 35465 A I ), in view of Sitbon et al. 
(U.S. Patent No. 5,568,487), in view of Schwabe (U.S. Patent No. 6,65 1, i 86), and further in 
view of Alexander et al. (U.S. Patent No. 6,748,343). 

Issue #6: The Examiner has rejected Claim 27 under 35 U.S.C. 103(a) as being unpatentable over 
Lee et al. (U.S. Publication No. 2003/0135465 Al), in view of Sitbon et al. (U.S. Patent No. 
5,568,487), in view of Schwabe (U.S. Patent No. 6,651,186), and further in view of Michael 
Norton (Basics of Network Segmentation; Switching and Bridging). 



- n - 



Issue #7: The Examiner has rejected Claim 28 under 35 U.S.C. 103(a) as being unpatentable over 
Lee etal, (U.S. Publication No. 2003/0135465 A l), in view of Sitbon etaJ. (U.S. Patent No. 
5,568,487), in view of Schwabe (U.S. Patent No. 6,651,186), and further in view of Bermudez et 
al. (U.S. Patent No. 6,874,149). 
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VII ARGUMENT (37 C.F.R. § 41.37(c)(1)(vii)) 

The claims of the groups noted below do not stand or fall together. In the present section, 
appellant explains why the claims of each group are believed to be separately patentable. 

Issue # 1 : 

The Examiner has rejected Claims 15-29 under 35 U.S.C. 101 as being directed toward non- 
statutory subject matter. 

Group #/: Claims 15-22 

The Examiner has argued that Claims 15-22 are non -statutory because they are not tan i ■ \ 
embodied in a manner so as to be executable. Specifically, the Examiner has stated that 
"[sjelecttng, installing, [and] wrapping appear to be software functions, which are not tangible." 

Appellant respectfully disagrees and points out that appellant's claimed "logic' 5 (Claim 15) and 
"means" (Claim 22) for completing appellant's specific claim language. 

Group #2; Claim 23 

The Examiner has rejected Claim 23 as not being tangible. Specifically, the Examiner has 
argued that "the data structure stored in a memory claim do[es] not require use of [a] hardware 
computer to perform, and would not result in a practical application producing a useful, concrete, 
an[d] tangible result. Appellant respectfully disagrees. First, appellant respectfully asserts that a 
data structure "stored in memory" is tangible. Second, appellant respectfully asserts that 
appellant claims "wrapping selected applications for allowing the selected applications to access 
the network via the application program interface object, where the selected applications would 
otherwise be precluded network access by the application program interface object," which is 
clearly a useful, concrete and tangible result. Thus, appellant respectfully disagrees with the 
Examiner's rejection. 



- 13- 



Group U3: Claim 24 

Appellant respectfuMy points out that the Examiner has failed to provide any explanation for 
rejecting Claim 24 under 35 U.S.C. 101 . However, appellant respectfully asserts that appellant 
claims a "method for management of network access on a per application basis," and that such 
"method" is clearly statutory. 

Group $4: Claims 25-29 

Appellant respectfully points out that the Examiner has failed to provide any explanation tor 
rejecting Claims 25-29 under 35 U.S.C. 101 . However, appellant respectfully asserts that 
appellant claims a "method for management of network access on a per application basis" (see 
independent Claim 1 for context), and that such "method" of dependent Claims 25-29 is clearly 
statutory, 

ISSHC Ir 2 

The Examiner has rejected Claims 1, 8, 15, 22-24, 26 and 29 under 35 U.S.C. 103(a) as being 
unpatentable over Lee et al. (U.S. Publication No. 2003/0135465 A 1), in view of Sitbon et al. 
(U.S. Patent No. 5,568,487), and further in view of Schwabe (U.S. Patent No. 6,651,186). 

Group # I: Claims J, S, 15, arid 22 

To establish a prima facie case of obviousness, three basic criteria must be met. First, there must 
be some suggestion or motivation, either in the references themselves or in the knowledge 
. . H ally available to one of ordinary skill in the art, to modify the reference or to combine 
reference teachings Second, there must be a reasonable expectation of success. Finally, the prior 
art reference (or references when combined) must teach or suggest al! the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable expectation of 
success must both be found in the prior art and not based on appellant's disclosure. In re 
i aeck.,947 F.2d 488, 20 USPQ2d 1438 (Fed Cir. 1991). 
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With respect to the first element of the prima facie case of obviousness, the Examiner has argued 
that "[ijt would have been obvious to one of the ordinary skill in the art at the time the inv ention 
was made to modify the teaching of Lee, Sitbon and Schwabe because Schwabe' s selecting 
applications for working in conjunction with a first application program interface would improve 
the efficiency of fee and Si toon's systems by allowing program verifying to ensure binary 
compatibility." Appellant respectfully asserts that it would not have been obvious to combine 
the teachings of the Lee, Sitbon and Schwabe references, especially in view of the vast evidence 
to the contrary. 

Appellant respectfully asserts that the combination of the Schwabe, Lee and Sitbon references 
would not have been obvious since Schwabe relates to yej i >r aam set Vbstract) while 
Lee relates to securing content stored on media (see Abstract), and Sitbon relates to an address 
conversion process. These are clearly non-analogous arts, "in order to rely on a reference as a 
basis for rejection of an [appellant's] invention, the reference must either be in the field of 
i >e!!ant s j endeavor or, if not, then be reasonably pertinent to the particular problem with 
which the inventor was concerned." in re Oetiker, 977 F.2d 1443, 1446, 24 USPQ2d 1443, 1445 
(Fed. Cir. 1992). See also In re Demmski, 796 F.2d 436, 230 USPQ 3 13 (Ted. Cir. 1986); In re 
Clay, 966 F.2d 656, 659, 23 USPQ2d 1058, 1060-61 (Fed. Cir. 1992) In view of the vastly 
different types of problems a ..program verification systen^ , a.content security system and an 
address conversion process address , the Examiner's proposed combination is inappropriate. 

Still yet, appellant respectfully disagrees with the Examiner's argument that, it would have been 
obvious to combine the foregoing references "because Schwabe's selecting applications for 
working in conjunction with a first application program interface would improve the efficiency 
of Lee and Sitbon' s systems by allowing program verifying to ensure binary compatibility." 
Appellant respectfully disagrees with the Examiner's assertion since, as noted above, Schwabe 
does not teach any sort of "selecting applications" as noted by the Examiner, but instead only 
teaches determining if a program is consistent with an API definition file. Thus, for at least these 
reasons, the first element of the prima facie case of obviousness is clearly not met. 

Moreover, appellant respectfully asserts that such references also fail to satisfy the third element 
of the prima facte ca se of ob v iousness . For example, with respect to the independent claims, the 
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Examiner has relied on Col. 12, lines 13-16 in Schwabe to make a prior art showing of 
appellant's claimed "selecting applications from a group of applications adapted for working in 
conjunction with a first application program interface to gain access to a network" (see this or 
similar, but not necessarily identical language in the independent claims). 

Appellant respectfully asserts that such excerpt from Schwabe merely discloses "determining] 
whether the first program unit implementation is consistent with a first program unit API 
definition file associated with the first program unit implementation." Clearly, determining 
whether a program is consistent with an API definition file for purposes of "remote verification'' 
of the program (Col. 1.2, lines 10-11), as in Schwabe, does not even suggest any sort of selecting 
applications , as appellant claims, let alone "selecting applications from a group of applications" 
that are "adapted for working in conjunction with a first application program interface" 
(emphasis added), as specifically claimed. 

In fact, appellant respectfully points out thai Col. .12, lines 10-1 .1 in Schwabe expressly disclose 
that the "remote verification uses in API definition file for each [j < >gi r itj < nplementation" 
(emphasis added). Appellant respectfully asserts that verifying each program unit 
implemMtation, as in Schwabe, fails to teach or suggest appellant's claimed "selecting 
applications from a group of applications," as claimed. Furthermore, such excerpt from Schwabe 
does not even mention a network , and thus does not meet appellant's claimed "group of 
applications adapted for working in conjunction with a first application program interface to gain 
access. to a network" (emphasis added), as claimed by appellant. 

Additionally, with respect to the independent claims, the Examiner has relied on the following 
excerpts from Lee to make a prior art showing of appellant's claimed "group of applications 
adapted for working in conjunction with a first application program interface to gain access to a 
network, the first application program interface adapted for permitting the applications to gain 
access to the network" (see this or similar, but not necessarily identical language in the 
independent claims). 

"The cogent elerctent.s 502 and 50(4 5 • encr. ypted . " (Paragraph 01.41, 
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" an «nfciti ontrolling certification at hosts. ?hv ^ <. : i «. 
specifies th-a secure AF 1 !;; :i00 to which an applies tion 5.16 ttsay have 
^IrSr.Z.tr:. ' " ■ ? d ~'^9 ::«pi- 0145, lines 6-8 eirtphasi;; acki^d; 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"[t]he certificate 514 specifies the secure APIs 508 to which an application 51.6 may have 
access" (emphasis added) and that "[tjhe content elements 502 and 504 are encrypted." 
However, simply disclosing secure APIs to which an application may have access, as in Lee, 
fails to even suggest a "first application program interface adapted for^em 
a pplications to gai n access to the network " (emphasis added), as claimed by appellant. In 
particular, the excerpts from Lee relied on by the Examiner only disclose secure APIs and an 
application which accesses them, which cannot meet appellant's claimed "first application 
program interface," in the context claimed. 

Still with respect to appellant's claimed "group of applications adapted for working in 
conjunction with a first application program interface to gain access to a network, the first 
application program interface adapted for permitting the applications to gain access to the 
network," the Examiner has admitted that "Lee does not explicitly [teach] network access," but 
has argued that "Sitbon teaches network access (access to these network, col 1, In 1-12) " 

Appellant respectfully disagrees and asserts that, in Col 1, lines 9-1 4, Sitbon merely teaches that 
"ft]he present invention relates to a process of address conversion for porting 
telecommunications applications from the TCP/IP network to the OSI-CO network, access to 

hi ks being a rued by wa; I ! avjs b ) as a 'st ej r . 1 <■ "i h > 1 

network, and a 'XTF interface for the OSI-CO network" (emphasis added). However, simply 
disclosing that access to networks is authorized by way of a socket interface, in no way suggests 
a "first application program nt« rj ice ukpted for permitting the applications to gain. access to 
the network" (emphasis added), as claimed by appellant. 

Furthermore, with respect to the independent claims, the Examiner has relied on Paragraph 01 29, 
lines 1-2 and Paragraph 0142, lines 7-8 from Lee, as excerpted below, to make a prior art 
showing of appellant's claimed 'installing a second application program interface adapted for 
precluding the applications from accessing the network" (see this or similar, but not necessarily 
identical language in the independent claims). 
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secure APIs 508 have t t 

that only secure API s nva y :cti:i.e^„." ; Pa ?: agraph 
emphasis added} 



system may be hierarchical in nature. In one ectsbodiKient, the media disk 
may have a writeabie, write-once portion, and a read-only..." right 



Appel lant respectfully asserts that the excerpts relied upon by the Examiner merely teach that an 
"[e]ngi«e 308 presents APIs to the players/' that "[t]he secure APIs 508 have restricted access to 
content " and that "firmware prevents open access [to content] by not supporting block access for 
block drivers" (emphasis added). However, simply disclosing that APIs have restricted access to 
content and that firmware prevents open access to content, as in Lee, fails to even suggest any 
sou of installation , as claimed, let aloi e~lnsj n< application program interface 

adapted for precluding the applications from accessing the network " (emphasis added), as 
claimed by appellant. 

Further, with respect to the independent claims, the Examiner has relied on the following 
excerpts from Sitbon to make a prior art showing of appellant's claimed ''wrapping the selected 
applications for allowing the selected applications to access the network via the second 
application program interface" (see this or similar, but. not necessarily identical language in the 
independent cl ai m s). 




executable is obtained. The second object of the wrapper W is to 

ark into 

addresse s T , j 1 j a th< 

TCP/IP protocol to the CSI/CO protocol." (Col. 3, lines 5-12 - emphasis 
added) . 
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(Col . 4, L In s~8 - vox. ha s dd S 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"the wrapper. . . automatically converts) the addresses specific to the TCP/IP network into 
addresses of the OS1/CO network." Clearly, a wrapper that simply converts addresses, as in 
S to i dils to disdose "i - I runs foi allowing the selected 

applications to access the network via the second application program interface" (emphasis 
added), as claimed. 

Further, with respect to the independent claims, the Examiner has relied on the Col. 3, lines 11- 
14 from Sitbon, as excerpted above, to make a prior art showing of appellant' s claimed technique 
"where the selected applications would otherwise be precluded network access by the second 
application program interface" (see this or similar, but not necessarily identical language in the 
independent claims). In particular, the Examiner has argued that "the call can not be used to 
OS I/CO interface until the call is converted to the address of the OSI/OC network" such that "the 
calls are impossible to be used by the application to access [the] network." 

Appellant respectfully disagrees. First, appellant respectfully points out that appellant claims 
that "the selected applications would otherwise be precluded network access by the second 
application program interface" (emphasis added), as claimed, and not simply that "the calls are 
impossible to be used by the application to access [the] network" (emphasis added), as alleged by 
the Examiner. Second, when read in context, appellant specifically claims that the '"second 
application program interface [is] adapts; i < ipplications from accessi il t, 

network" (emphasis added), as claimed, which is clearly not taught by Sitbon' s disclosure of 
converting addresses to enable the passage from TCP/IP protocol to OSI/CO protocol (Col. 3, 
lines 9-12). 

Appellant respectfully asserts that at least the first and third elements of the prima facie case of 
obviousness have not been met, since it would not have been obvious to combine the prior art 
references, and since the prior art excerpts, as relied upon by the Examiner, fail to teach or 
suggest aJi of the claim limitations, as noted above. 
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Grovp U2: Claim 23 

With respect to independent Claim 23, the Examiner has relied on Paragraph 0129, Sines 1-2 and 
Paragraph 0 142, lines 7-8 from Lee to make a prior art showing of appellant's claimed 
"application program interface object for precluding a plurality of applications from accessing a 
network," 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that an 
fe]ngme 308 presents APIs to the players, that 1$ [f]he secure APIs ^08 have restricted access to 
content ," and that, "firmware prevents open access [to content] by not supporting block access for 
block drivers" (emphasis added). However, simply disclosing that APIs have restricted access to 
content, and that firmware prevents open access to content, as in Lee. fails to even suggest an 
"applicatioi ros Lintei >bject for precluding a plurality of applications from accessing a 
network " (emphasis added), as claimed by appellant. 

In addition, with respect to independent Claim 23, the Examiner has relied on Paragraph [0141], 
lines 5-7 and Paragraph [0145], lines 6-8 in Lee to make a prior art showing of appellant's 
claimed technique "wherein a permitting application program interface is adapted for permitting 
the applications to gain access to the network.'" 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"[fjhe certificate 514 specifies the secure.APJs 508 to which an application 516 may have 
access" (emphasis added) and that "[t'Jhe content elements 502 and 504 are encrypted" 
However, simply disclosing secure APIs to which an application may have access, as in Lee, 
fails to even suggest that a "a permitting application program interface is adapted for 
permitting the applications to gain access to the network " (emphasis added), as claimed by 
appellant. In particular, the excerpts from Lee relied on by the Examiner only disclose secure 
APIs and an application which accesses them, which cannot meet appellant's claimed 
"permitting application program interface," in the context, claimed. 

Still with respect to appellant's claimed technique "wherein, a permitting application program 
interface is adapted for permitting the applications to gain access to the network the Examiner 
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has admitted that "Lee does not explicitly [teach] network access," but that "Sitbon teaches 
network access (access to these network, col L hi 1-1.2)/' 

Appel lant respectfully disagrees and asserts that in Col. 1, lines 9-14, Sitbon merely teaches that 
"[tjhe present invention relates to a process of address conversion for porting 
telecomm unicati ons applications from the TCP/IP network to the OSi-CO network acc 
these networks being authorized by way of what is known as a "socket interface for the 'TCP/IP 
network, and a "XTF interface for the OSI-CO network" (emphasis added). However, simply 
disclosing that access to networks is authorized by way of a socket interface, in no way suggests 
that a >v i ■ s da.rud ioi permitting the applications to 

gain access to the network" (emphasis added), as claimed by appellant. 

Furthermore, with respect to independent Claim 23, the Examiner has relied on Col. 3, lines 5-12 
and Cob 4, lines 3-8 in Sitbon. to make a prior art showing of appellant's claimed "wrapper 
object, for wrapping selected applications for allowing the selected applications to access the 
network via the application program interface object/' 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"the wrapper... automatically converts] the addresses specific to the TCP/IP network into 
addresses of the OS I/CO network." Clearly, a wrapper that simply converts addresses, as in 
Sitbon, fails to disclose "wrapping selected applications for allowing the selected applications to 
access the network via the application program interface object" (emphasis added), as claimed. 

Further, with respect to independent Claim 23, the Examiner has relied on the Col. 3, lines 11-14 
from Sitbon, as excerpted above, to make a prior art showing of appellant' s claimed technique 
"where the selected applications would otherwise be precluded network access by the application 
program interface object." In particular, the Examiner has argued that "the call can not be used 
to OS1/CO interface until the call is converted to the address of the OSI/OC network" such that 
"the calls are impossible to be used by the application to access [the] network." 

Appellant respectfully disagrees. First, appellant respectfully points out that appellant claims 
that the seh d aj lications v\ ould otherwise be precluded network access by the .application 
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program interface object" (emphasis added), as claimed, and not simply that "the calls are 
impossible to he used fay the application iq^ (emphasis added), as alleged fay 

the Examiner. Second, when read in context, appellant specifically claims that the "application 
program interface object [is] for precluding a plurality of applications from accessing a network" 
(emphasis added), as claimed, which is clearly not taught by Sitbon's disclosure of converting 
addresses to enable the passage from TCP/IP protocol to OSPCO protocol (Col. 3, lines 9- 1 2). 

Appellant respectfully asserts thai at least the first and third elements of the prima facie case of 
obviousness have not been met, since it would not have been obvious to combine the prior art 
references, and since the prior art excerpts, as relied upon by the Examiner, fail to teach or 
suggest aji of the claim limitations, as noted above. 

Group li-S: Claims 24 and 26 

With respect to independent Claim 24, the Examiner has relied on Paragraph 0 1 29 lines 1 -2 and 
Paragraph 0142, lines 7-8 from Lee to make a prior art showing of appellant's claimed 
"installing a precluding application program interface adapted for precluding a plurality of 
applications from accessing a network." 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that an 
"fe]ngine 308 presents APIs to the players," that "[t]he secure APIs 508 have restricted access to 
content " and that "firmware prevents open access [to content] by not supporting block access for 
block drivers" (emphasis added) However, simply disclosing thai APIs have restricted access to 
content, and that firmware prevents open access to content, as in Lee, fails to even suggest any 
sort of installation, as claimed, let alone "installing a precluding application program interface 
adapted for precluding a plurality of applications from accessing a netvvoik" (emphasis added), 
as claimed by appellant. 

In addition, with respect to independent Claim 24, the Examiner has relied on Paragraph [0141 ], 
lines 5-7 and Paragraph [0145], lines 6-8 in Lee to make a prior an showing of appellant's 
claimed technique "wherein a permitting application program interface is adapted for permitting 
the applications to gain access to the network." 



Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"ftjhe certificate 514 specifies the secure APIs 508 to which an a pplication 516 may have 
access'' (emphasis added) and that i5 [t]he content elements 502 and 504 are encrypted." 
However, simply disclosing secure APIs to which an application may have access, as in Lee, 
fails to even suggest that a "a permitting application program interface is adapted for 
permitting the .applications tp„^ (emphasis added), as claimed by 

appellant. In particular, the excerpts from Lee relied on by the Examiner only disclose secure 
APIs and an application which access them, which cannot meet appellant's claimed "permitting 
application program interface," in the context claimed. 

Still with respect to appellant's claimed technique "wherein a permitting application program 
interface is adapted for permitting the applications to gain access to the network," the Examiner 
has admitted that "Lee does not explicitly [teach] network access," but that ''Sitbon teaches 
network access (access to these network, col 1, In 1-12)," 

Appellant respectfully disagrees and asserts that in Col. L lines 9-14, Sitbon merely teaches that 
"[fjhe present invention relates to a process of address conversion for porting 
telecommunications applications from the TCP/IP network to the OS1-CO network, access to 
these networks being authorized b y way of what is known as a '•.socket interface for the TCP/IP 
network, and a 'XTF interface for the OS1-CO network" (emphasis added). However, simply 
disclosing that access to networks is authorized by way of a socket interface, in no way suggests 
that a M permi ting aj pjj iti i pn gram it terface is adapted for permitting the applications to 
gain access to the network" (emphasis added), as claimed by appellant. 

Furthermore, with respect to independent Claim 24, the Examiner has relied on Col. 3, lines 5-1 2 
and Col. 4, lines 3-8 in Sitbon to make a prior art showing of appellant's claimed "wrapping a 
plurality of selected applications for allowing the selected applications to access the network via 
the precluding application program interface." 

Appellant respectfully asserts that the excerpts relied upon by the Examiner merely teach that 
"the wrapper. . . automatically eonvertjs] the addresses specific to the TCP/IP network into 
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addresses of the OSI/CO network." Clearly, a wrapper that simply converts addresses, as in 
Sitbon fails to disclose " wrapp in g ■ >j ; Mowing 1 

applications to access the network via the precluding application program interface" (emphasis 
added), as claimed 

Further, with respect to independent Claim 24, the Examiner has relied on the Col. 3, lines 11-14 
from Sitbon, as excerpted above, to make a prior art showing of appellant's claimed technique 
"where the selected applications would otherwise be precluded network access by the precluding 
application program interface." In particular, the Examiner has argued that "the call can not be 
used to OSL'CO interface until the call is converted to the address of the OSI/OC network" such 
that "the calls are impossible to be used by the application to access [the] network." 

Appellant respectfully disagrees. First, appellant respectfully points out that appellant claims 
hat "the ted apj i mons would otherwise be precluded network access by the precluding 
application program Jn terface " (emphasis added), as claimed, and not simply that "the calls are 
impossible to be *e< - k . ^pli cation to acce ss [. e > k ' (emphasis added), as alleged by 
the Examiner. Second, when read in context, appellant specifically claims that the "precluding 
application program interface [is] adapted for precluding a plurality of applications from 
accessing a network" (emphasis added), as claimed, which is clearly not taught by Sitbon' s 
disclosure of converting addresses to enable the passage from TCP/IP protocol to OSI/CO 
protocol (Col. 3, lines 9-12). 

Appellant respectfully asserts that at least the first and third elements of the prima jack case of 
obviousness have not been met, since it would not have been obvious to combine the prior art 
references, and since the prior art excerpts, as relied upon by the Examiner, fail to teach or 
suggest all of the claim limitations, as noted above. 

Group 4: Claim 29 

The Examiner has relied on Col. 2, lines 25-30 in Sitbon to make a prior art showing of 
appellant's claimed technique "wherein the second application program interface is separate 
from the first application program interface," 
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Appellant respectfully asserts that the excerpt from Sitbon relied on by the Examiner simply 
teaches "passage from the TCP/IP protocol to the OSI/CO protocol" where "the 'socket' 
interface calls, and the system calls. . .intended for the TCP/IP network are converted and 
processed " Clearly, simply disclosing converting calls between protocols, as in Sitbon, fails to 

i v first a| i 1 J _L_ t 1 ^ nd a secont j it >roi njj 1 v< 

appellant claims, and especially not where "the second application program interface is separate 
from the first application program interface," as claimed. 

Appellant respectfully asserts that at least the first and third elements of 'the prima facie case of 
obviousness have not been met, since it would not have been obvious to combine the prior art 
references, and since the prior art excerpts, as relied upon by the Examiner, fail to teach or 
suggest alj. of the claim limitations, as noted above. 

The Examiner has rejected Claim 2 under 35 U.S.C. 103(a) as being unpatentable over Lee et al. 
(U.S. Publication No. 2003/0135465 Al), in view of Sitbon etal. (U.S. Patent No. 5,568,487), in 
view of Schwabe (U.S. Patent No. 6,651,186), and further in view of OPT (Optimizations), 

Group til: Claim 2 

With respect to Claim 2, the Examiner has relied on Col. 3, lines 9-12 (excerpted below), from 
Sitbon, to make a prior an showing of appellant's clai med technique "wherein the selected 
applications are wrapped with a wrapper adapted for compressing data in a portable executable 
(PE) image that provides compression of data associated with the applications 




Appellant respectfully asserts that the excerpt from Sitbon relied upon by the Examiner merely 
teaches that "jtjhe second object of the wrapper W is to automatically convert the addi es ■ 
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specific to the TCP/IP network into addresses of the QSI/CO network" (emphasis added). 
However, converting addresses, as in Sitbon, fails to even suggest that "the se lected .applications 
arewrapped with a wrapper .adaptedforc^ in a portable executable (PE) image 

that provides compression of data associated with the applications'' (emphasis added), as 
specifically claimed by appellant. 

Appel lant respectfully asserts that at least the first element of the prima facie case of obviousness 
has not been met, since the prior art excerpts, as relied upon by the Examiner, fail to teach or 
suggest all of the claim limitations, as noted above. 

Issue #4 

The Examiner has rejected Claims 2-6, 9-13, 16-20 and 25 under 35 U.S.C. 103(a) as being 
unpatentable over Lee et al. {U.S. Publication No. 2003/0135465 Ai), in view of Sitbon et al. 
(U.S. Patent No. 5,568,487), in view of Schwabe (U.S. Patent No. 6,651,186), in view of OPT 
(Optimizations), and further i n view of Moeller (U.S. Patent 'No. 5,473,777). 

Group ill: Claim 2 

For reasons simitar to those set forth with respect to Issue #3, Group #1 , appellant respectfully 
asserts that at least the third element of the prima facie case of obviousness has not been met, as 
noted above. 

Group $2: Claims 3, 5, 9- JO, 12, 16-17, 19, and 25 

For reasons similar to those set forth with respect to Issue #2, Group #1, appellant respectfully 
asserts that at least the third element of the prima facie case of obviousness has not been met, as 
noted above. 



Group $3: Claims 4, 11, and 18 
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The Examiner has relied on the following Moeller excerpt to make a prior art showing of 
appellant's claimed "wherein the extractor code is further adapted for interfacing with the second 
application program interface" (see Claim 4 et al.). 




In addition, the Examiner has specifically argued thai the "extractor code is [the] wrapper for 
implementing the API of the class library" Appellant respectfully disagrees In particular, the 
wrapper disclosed in Moeller simply "provides an object-oriented interface to a procedural 
operating system having a native procedural interface" (Col. 6, lines 38-40). Further, the excerpt 
relied on by the Examiner only discloses "multiple code libraries (not shown) related to the 
wrapper." Clearly, a wrapper that provides an interface to an operating system and that is related 
to code libraries, as in Moeller, fails to support the Examiner's allegation that the "extractor code 
is [the] wrapper for implementing the API of the class library," as noted by the Examiner. 



Furthermore, appellant respectfully asserts that above excerpt from Moeller does not even 
suggest that "the extractor code is further adapted for interfacing with the second application 
program interface," and especially not where the "extractor code [is] adapted for extracting the 
data," in the context claimed by appellant. 

Appellant respectfully asserts that at least the third element of the prima facie case of 
obviousness has not been met, as noted above. 



Group £4: Claims 6, 13 and 20 



The Examiner has relied on the following Moeller excerpt to make a prior art showing of 
appellant's claimed "wherein the location in memory is where a routine is stored for allowing the 
selected applications to access the network" (see Claim 6 et al.). 



"The libra ey serves processes th% segues t by accessing the desired 
oc p ter progr 1c i frc - e ocds librar - sendi t e leg i red 
computer program logic , "ha area of. memory designated by the 
destination address." (Col. 9, tines 17-20} 
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Appellant respectfully asserts that such excerpt fails to even suggest any sort of "location in 
memory . . . where a routine is stored for allowing the selected applications to Laceess^the network " 
(emphasis added), as claimed. In particular, merely disclosing that a library server sends logic to 
an area of memory, as in Moeller, simply does not meet the specificity of appellant's claims, as 
noted above. 

Appellant respectfully asserts that at least the third element of the prima facie case of 
obviousness has not been met, as noted above. 

Issue #5 

The Examiner has rejected Claims 7, 14 and 21 under 35 U.S.C. 103(a) as being unpatentable 
over I.ee ei al. (U.S. Publication No. 2003/0135465 A.!), in view of Sitbon et. al (U.S. Patent No. 
5,568,487), in view of Schwabe (U.S. Patent No. 6,651,186), and further in view of Alexander et 
al. (U.S. Patent No. 6,748,343). 

Group ill: Claims 7, 14 and 21 

The Examiner has relied on the following excerpt from Alexander to make a prior an showing of 
appellant's claimed '"allowing a user to select the applications to be allowed to access the 
network via the second application program interfaced' 

v \,.a computer display operable to generate a user Interface for 
obtaining a user selection of client, premises, location, monitoring 
device, and processing role data and to transmit the data to the 
processing server " (Col. 19, lines 'i3-56; 

Appellant respectfully asserts that the above excerpt from Alexander does not teach any sort of 
applicant t s i\ 11 ant claims, but instead only discloses selecting items associated with 
transmitting data, such as a client, location, etc. In addition, there is no mention in the above 
excerpt of am t\ pe of so, ond apj i <n (face, as claimed, especially where such 

"second application program interface [is] adapted for precluding the applications from 
accessing the network" in the context claimed (see independent claim for context). Simply 
nowhere in the abov e excerpt relied on by the Examiner is there any menti on of "allowi ng a user 
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to select the applications to be allowed to access the network via the second application program 
interface" (emphasis added), as claimed. 

Appellant respectfully asserts that at least the third element of the prima facie case of 
obviousness has not been met, as noted above. 

The Examiner has rejected Claim 27 under 35 U.S.C. 103(a) as being unpatentable over Lee et 
al. (U.S. Publication No 2003/01 35465 Al }, in view of Sitbon et ai (U.S. Patent No. 5,568,487), 
in view of Schwabe (U.S. Patent 'No. 6,651,186), and further in view of Michael Norton (Basics 
of Network Segmentation: Switching and Bridging). 

Group § I: Claim 27 

The Exami ner has relied on Michael Norton's disclosure of a network card that attempts to 
transmit frames onto a wire (Consuming bandwidth: lines 4-5) to make a prior art showing of 
appellant's claimed technique "wherein the second application program interface is adapted for 
precluding the applications from accessing the network utilizing a network card." 

Appellant respectfully asserts that Michael Norton simply discloses a network card that attempts 
to.transmlt.frames , which does not meet, and even leaches away from, appellant's specific claim 
language, hi particular, the network card claimed by appellant is utilized for "the second 
application program interface precluding the applications from accessing the network" 
(emphasis added), as claimed. 

Appellant respectfully asserts that at least the first and third element of the prima facie case of 
obviousness has not been met, as noted above. 



] ssue ? ; 
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The Examiner has rejected Claim 28 under 35 U.S.C. 103(a) as being unpatentable over Lee et. 
al. (U.S. Publication No. .2003/0135465 Al), in view of Sitbon et a? ( U.S. Patent No. 5,568,487), 
in view of Schwabe (U.S. Patent No. 6,651,186), and further in view of Bermudez et al. (U.S. 
Patent No, 6,874,149). 

Group Hi: Claim 28 

For reasons similar to those set forth with respect to Issue #2, Group #1, appellant respectfully 
asserts that at least the third element of tht prima facie case of obviousness has not been met, as 
noted above. 

In view of the remarks set forth hereinabove, all of the independent claims are deemed 
allowable, along with any claims depending therefrom. 
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VIII CLAIMS APPENDIX (37 CF.R. § 4l.37(c)(I)(vm)) 

The text of the claims involved in the appeal (along with associated status information) is set 
forth below: 

1 . (Previously Presented) A method for management of network access on a per application 
basis, comprising: 

(a) selecting applications from a group of applications adapted for working in conjunction 
with a first application program interface to gain access to a network, the first application 
program interface adapted for permitting the applications to gain access to the network; 

(b) installing a second application program interface adapted for precluding the applications 
from accessing the network; and 

(c) wrapping the selected applications for allowing the selected applications to access the 
network via the second application, program interface, where the selected applications 
would otherwise be precluded network access by the second application program 
interface. 

2. (Previously Presented) The method as recited in claim 1 , wherein the selected 
applications are wrapped with a wrapper adapted for compressing data in a portable 
executable (PE) image that provides compression of data associated with the applications. 

3 . (Original) The method as recited in claim 2, wherein the wrapper equips the compressed 
data with extractor code adapted for extracting the data in the PE image. 

4. (Original) The method as recited in claim 3, wherein the extractor code is further adapted 
for interfacing with the second application program interface. 

5. (Original) The method as recited in claim 2, wherein the wrapper is further adapted for 
identifying a location in memory. 

6. (Original) The method as recited in claim 5, wherein the location in memory is where a 
routine is stored for allowing the selected applications to access the network. 
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7. (Original) The method as recited in claim 1, and further comprising allowing a user to 
select the applications to be allowed to access the network via the second application 
program interface. 

S (Previously Presented ) A computer program product for management of network access 
on a per application basis, comprising: 

(a) computer code for selecting applications from a group of applications adapted for 
working in conjunction with a first application program interface to gain access to a 
network, the first application program interface adapted for permitting the applications to 
gain access to the network; 

(b) computer code for installing a second application program interface adapted for 
precluding the applications from accessing the network; and 

(c) computer code for wrapping the selected applications for allowing the selected 
applications to access the network via the second application program interface, where 
the selected applications would otherwise be precluded network access by the second 
application program interface. 

9. (Previously Presented) The computer program product, as recited in claim. 8, wherein, the 
selected applications are wrapped with a wrapper adapted for compressing data in a 
portable executable (PE) image that provides compression of data associated with the 
applications. 

1 0. (Original) The computer program product as recited in claim 9, wherein the wrapper 
equips the compressed data with extractor code adapted for extracting the data in the PE 
image. 

1 1 . (Original) The computer program product as recited in claim 10, wherein the extractor 
code is further adapted for interfacing with the second application program interface. 

.1 2. (Original) The computer program product as recited in claim 9, wherein the wrapper is 
further adapted for identifying a location in memory. 
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13 , (Original) The computer program product as recited in claim 12, wherein the location in 
memory is where a routine is stored for allowing the selected applications to access the 
network. 

1 4. (Original) The comparer program product as recited Ln claim 8, and further comprising 
computer code for al lowing a user to select the applications to be allowed to access the 
network via the second application program interface. 

15. (Previously Presented) A system for management of network access on a per application 
basis, comprising: 

(a) logic for selecting applications from a group of applications adapted for working in 
conjunction with a first application program interface to gain access to a network, the 
first application program interface adapted for permitting the applications to gain access 
to the network; 

(b) logic for installing a second application program interface adapted for precluding the 
applications from accessing the network; and 

(c) logic for wrapping the selected applications for allowing the selected applications to 
access the network via the second application program interface, where the selected 
applications would otherwise be precluded network access by the second application 
program interface. 

16. (Previously Presented) The system as recited in claim .15, wherein the selected 
applications are wrapped with a wrapper adapted for compressing data in a portable 
executable (PE) image that provides compression of data associated with the applications. 

1 7. (Original) The system as recited in claim 16, wherein the wrapper equips the compressed 
data with extractor code adapted for extracting the data in the PE image. 

18. (Original) The system as recited in claim 17, wherein the extractor code is further 
adapted for interfacing with the second application program interface. 
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1 9. (Original) The system as recited in claim 16, wherein the wrapper is further adapted for 
identifying a location in memory. 

20. (Original) The system as recited in claim 19, wherein the location in memory is where a 
routine is stored for allowing the selected applications to access the network. 

2 1 . (Original) The system as recited in claim 1 5, and further comprising logic for allowing a 
user to select the applications to be allowed to access the network via the second 
application program interface. 

22. ( Previously Presented) A system for management of network access on a per application 
basis, comprising: 

(a) means for selecting applications from a group of applications adapted for working in 
conjunction with a first application program interface to gain access to a network;, the 
first applk mo ram interface adapted permitting the applications to gain access to 
the network; 

(b) means for installing a second application program interface adapted for precluding the 
applications from accessing the network; and 

(c) means for wrapping the selected applications for allowing the selected applications to 
access the network via the second application program interface, where the selected 
applications would otherwise be precluded network access by the second application 
program interface. 

23. (Previously Presented) A data structure stored in memory for management of network 
access on a per application basis, comprising: 

(a) application program interface object for precluding a plurality of applications from 
accessing a network, wherein a permitting application program interface is adapted for 
permitting the applications to gain access to the network; and 

(b) a wrapper object for wrapping selected applications for allowing the selected applications 
to access the network via the application program interface object, where the selected 
applications would otherwise be precluded network access by the application program 
interface object 
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24. (Previously Presented) A method for management of network access on. a per application 
basis, comprising; 

(a) installing a precluding application program interface adapted for precluding a plurality of 
applications from accessing a network, wherein a permitting application program 
interface is adapted for permitting the applications to gain access to the network; and 

(b) wrapping a plurality of selected applications for allowing the selected applications to 
access the network via the precluding application program interface, where the selected 
applications would otherwise be precluded network access by the precluding application 
program interface. 

25. (Previously Presented) The method as recited in claim 2, wherein the PE image includes 
a header, a stub program, a file signature, a . text section header, a .bss section header, a 
.rdata section header, and a .debug section header 

26. (Previously Presented) The method as recited in claim k wherein the applications include 
a word processor application, a database program, a browser program, a development 
tool program, a. drawing program, an image editing program, and a communication 
program. 

27. (Previously Presented) The method as recited in claim 1 , wherein the second application 
program interface is adapted for precluding the applications from accessing the network 
utilizing a network card. 

28. (Previously Presented) The method as recited in claim I, wherein the second application 
program interface includes a modified copy of the first application program interface. 
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(Previously Presented) The method as recited in claim I , wherein the second application 
program interface is separate from the first application program interface. 



IX EVIDENCE APPENDIX (37 C.F.R. § 4l.37(c)(l)(ix)) 

There is no such evidence. 
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X RELATED PROCEEDING APPENDIX (37 CF,R. § 41.37(c)(l)(x)) 

Since no decision(s) has been rendered in such proceeding^), no material is included in this 
Related Proceedings Appendix. 
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ln the event a telephone conversation would expedite the prosecution of this application, the 
Examiner may reach the undersigned at (408) 971-2573. For payment of any additional fees due 
in connection with the filing of this paper, the Commissioner is authorized to charge such fees to 
Deposit Account No. 50-1351 (Order No. Order No. NAI1P096). 



Respectful ly submitted. 



By; /KEViNZiLKA/ Date: May 14. 2007 

Kevin J. Zilka 
Reg. No. 41,429 

Zilka-Kotab, P.C. 

P.O. Box 721 120 

San Jose, California 951 72-1 120 

Telephone: (408)971-2573 

Facsimile: (408) 971-4660 



